Method which is able to centralize the administration of the user registered information across networks

ABSTRACT

A method for centralizing administration of user registration information across networks is provided. It includes at least an Internet Content Provider (ICP) and a user-login-identification means, which can access an online terminal. The ICP adds an interface module in a login web page and accesses the user-login-identification means via the interface module. In addition, the ICP provides an administration/drive module monitoring access of the user-login-identification means to set up a connection and hang up the connection for the user-login-identification means in the login web page. The user-login-identification means has an ID number, and user&#39;s login identification information is stored in the user-login-identification means. According to the method and system of the present invention, the user is quickly and conveniently provided with a safe and universal login mode, in the case that the Internet Content Provider (ICP) makes no modification or only simple medications to the web page. The user not only can log in networks by using the login identification means which is safe and flexible but also can move conveniently at any time.

TECHNICAL FIELD

The present invention relates to a method and a system for identifyingand administrating user registration information in networks, and moreparticularly, to a method and a system for centralizing administrationof the user registration information across networks. The inventionbelongs to the computer technical field.

BACKGROUND OF THE INVENTION

Network is increasingly involved in people's daily life. Using a networkto exchange and transmit information is becoming a more and moreimportant information alternating communication method. In an actualoperation, a user has to enter his username and password when logging ina website. The network will only provide the user with particularservices after the user is identified. These operations become verybothering when the user has registered on a plurality of websites.

Microsoft has provided a network passport identification service, whichallows the user using one username and one password to access appendantwebsites of Microsoft.com and increasing number of participant websites.

Microsoft Passport is a kind of mono-service, which allows the userusing only one username and one password to access appendent websites ofMicrosoft.com and increasing number of participant websites. Owning aPassport means that you only need to remember one username and onepassword, and the technique is very easy. Because there is only oneusername and password to remember, you need only one click operation tolog in other websites after you have logged in a participant website,and it is very fast. A user can store his information in the passportlogin profile, therefore he will not have to enter his personalinformation once more while accessing other participant websites, whichis safer. The user's personal information is protected by a powerfulencryption technology and rigid privacy security measures, and the usercan always control which website is able to access his personalinformation including his e-mail and mail addresses. Furthermore, whenthe user logs out, all the information related to his passport will bedeleted from the computer, so it is safe to use his personal informationon public or shared computers.

Once having a .NET passport, the user can access each new websitewithout registering username and password —as long as he has logged inany one of the participant websites or services by using his emailaddress and password which were adopted in registering the .NETPassport. When the user enters his username and password in the loginbox to log in a .NET passport participant website, the .NET Passportwill verify the following information:

Whether the entered username has been registered as .NET Passport;whether the entered password is correct. If the result is positive, theNET Passport service will inform the website about the user ID (in thecase that valid login certification has been provided), and then theuser will be permitted to access the participant website. Once havinglogged in a participant website of the .NET Passport during an Internetsession, the user can log in other participant websites by a singleclick on the “.NET Passport login” button in each participant website.

The user's operation comprises the following steps:

1. Register the username and password of the .NET Passport (the usernameis an Email address);

2. Log in any of the participant websites or services;

3. Enter the username and password in the login box of the .NETPassport;

4. The access to the participant website is permitted (login succeeds)if the username is registered as .NET Passport and the entered passwordis correct;

5. During the Internet session, it is not necessary to enter thepassword again when the user logs in other participant websites orservices.

Although owning a Passport means that the user only needs to rememberone username and password, it is hard to modify all the data formatsuniform and the number of websites participating in the Passport islimited due to the difference of existing data formats of differentwebsites. The Windows provides a function for remembering usernames andpasswords, but it only fits for some personal computers since thefunction only exists in local computers which results in less securityand portability.

SUMMARY OF THE INVENTION

The object of the invention is to provide a system and a method forcentralizing administration of user registration information acrossnetworks, and to quickly and conveniently provide a safe and universallogin mode, in the case that the Internet Content Provider (ICP) makesno modification or only simple medications to the web page.

Another object of the invention is to provide a system and a method forcentralizing administration of user registration information acrossnetworks. The user can log in networks conveniently by using the systemwhich is safe, flexible and can be moved at any time.

The objects of the invention are achieved as follows:

A method for centralizing administration of user registrationinformation across networks, including at least an Internet ContentProvider (ICP) and a user-login-identification means which can access anonline terminal; wherein, the ICP adds an interface module in a loginweb page and accesses the user-login-identification means via theinterface module, and the ICP also provides an administration/drivemodule monitoring access of the user-login-identification means to setup a connection and hang up the connection for theuser-login-identification means in the login web page; theuser-login-identification means is provided with an ID number, and theuser's login identification information is stored in theuser-login-identification means.

Authenticating the ICP includes the steps of, obtaining anauthentication file, transmitting the authentication file to theadministration/drive module, decrypting the authentication file by theadministration/drive module, and accessing the user-login-identificationmeans.

The administration/drive module can lead in and/or lead out the datastored in the user-login-identification means so as to backup the data.The administration/drive module can also automatically log in thenetwork after the ICP has accessed user-login-identification means viathe interface module and verified the identification information.

Furthermore, the authentication between the ICP and the loginverification serving party can also be achieved in online mode accordingto the invention. The ICP accesses the login verification serving party,and the login verification serving party transmits a code of theuser-login-identification means to the ICP which adds the loginidentification information in the login web page according to the code.The interface module transmits the ICP information to the loginverification serving party for verification, and the access to theuser-login-identification means is permitted in the case of validverification. The Login verification serving party maintains a databaseof authentication files so as to manage the authentication files.

The login verification serving party and/or the ICP website provide aninterface module and an administration/drive module, and verify whetherthe interface module and the administration/drive module have beendownloaded. If positive, the modules are activated; if negative, themodules are downloaded firstly, and then activated. In the case that theuser-login-identification means is in an active state, the ICP canaccess the user-login-identification means only after it has beenauthenticated by the login verification serving party.

Particularly, accessing the user-login-identification means includesstoring or reading login identification information in theuser-login-identification means. The login verification serving partytransmits an authentication file to the ICP, and the ICP accesses theuser-login-identification means according to the file. Theauthentication file includes ICP identification information, and/orspecific area guide information of the user-login-identification meansand/or data processing guide information.

Furthermore, a registration table of the ICP identification informationis stored in the user-login-identification means, and is used forguiding different ICPs to access the corresponding areas or contentswhile accessing the user-login-identification means. Theadministration/drive module can lead in and/or lead out the data storedin the user-login-identification means so as to backup the data, and canalso automatically log in the network after the ICP has accessed theuser-login-identification means via the interface module and verifiedthe identification information.

Furthermore, the ICP reads out the information stored in theuser-login-identification means via the interface module. If loginidentification information is obtained, the interface module returns thelogin identification information to the ICP web page and determineswhether an automatic submit and login should be performed according tothe user's setup; if the login identification information is notobtained, the interface module informs the web page that loginidentification information is not available and stores the generatedlogin identification information in the user-login-identification means.

Storing the login identification information includes the ICP storingthe login identification information in the user-login-identificationmeans via the interface module, in the case that the user logs in theICP website for the first time, or the user selects to manually enterthe login information once more, or the user-login-identification meansis used for the first time.

The ICP web page is provided with a registration information window; theICP invokes parameters of the interface module and saves several sets ofregistration information of the same web page or the last set ofregistration information.

For example, The ICP web page is provided with a registrationinformation window. The ICP accesses the user-login-identification meansvia the interface module and verifies the login identificationinformation provided by the ICP web page, and stores the new loginidentification information in the user-login-identification means tooverwrite the original login identification information, and thentransfers the relating information to the ICP web page. The informationis displayed on the web page after being obtained.

Moreover, the ICP web page is provided with a plurality of window linksto the registration information. The ICP reads theuser-login-identification information stored in theuser-login-identification means and verifies the login identificationinformation provided by the ICP web page; if negative, the ICP storesthe login identification information in the user-login-identificationmeans, if positive, the ICP directly reads it out and transfers therelating information to the ICP web page. The information is displayedon the web page after being obtained.

Particularly, the user login identification information includes the ICPidentification information or the form information or the useridentification information or the combination of the above.

A system for realizing any one of the said methods comprises a computer,Internet networks, an ICP and a user-login-identification means, whereinthe computer can log in the internet network to communicate withdifferent ICPs; the user-login-identification means is capable ofaccessing the computer from outside and has at least an identificationnumber and encryption storage space. The user-login-identification meansperforms the information transmission by operating the computer.

The information transmission between the computer and theuser-login-identification means is processed with encryption ordecryption. The encryption includes protecting an encryption area byusing the user's PIN code or encryption utilizing RSA 512PKI keymanagement. The user-login-identification means is also provided with astorage region for storing the information of the ICP itself.

Particularly, the user-login-identification means can be an external andportable memory means with a standard data interface, or a card-readermeans or an ID identifying means thereof, for example, a USB storagedevice, a CF card, a MMC card, a SD card, a SMC card, an IBM Micro Drivecard, a flash storage module or an IC card, or the corresponding cardreader therein.

Moreover, the user-login-identification means can be a computerperipheral, such as a keyboard, a mouse, a handwriting board, soundboxes, or a portable PDA, a music player, or an electrical dictionary.

Furthermore, the ICP of the system of this invention is connected with alogin verification serving party, which transmits the code of theuser-login-identification means to the ICP, and the ICP adds the loginidentification information on the web page according to the code. Theinterface module transmits the ICP information to the login verificationserving party to verify the information, and the access to theuser-login-identification means is permitted if the verification isvalid. In particular, the login verification serving party is a server.

According to analyzing the above technical solution, it is obvious thatthe invention has the following advantages:

1. The registration information is centralized so that the botheringoperations of logging in networks are simplified.

2. The portable hardware can be carried by the user, and can be used atany time or any place.

3. The security of the user's personal information is guaranteed by thedouble encryption of both hardware and data.

4. The user's operation is visual and simple because of the practicalfunction management provided by the administration/drive module.

5. The ICP doesn't need to modify the existing data format.

6. The ICP obtains a flexible interface, which can be extended with manycustomized applications besides the login application.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic network system according to the invention;

FIG. 2 is a flowchart illustrating the user accessing the ICP todownload the administration/drive module according to the invention;

FIG. 3 is a flowchart illustrating the ICP accessing theuser-login-identification means according to the invention;

FIG. 4 is a flowchart illustrating the user logging in the ICP byutilizing the login identification means according to the invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Next, the invention will be described in details in conjunction with thefigures and the specific embodiments.

As shown in FIG. 1, the present invention comprises a computer, Internetnetworks, an ICP and a user-login-identification means. The computer canlog in the Internet network to communicate with different ICPs; theuser-login-identification means is a device which can connect with thecomputer from outside and has at least an identification number andencryption storage space, and performs the information transmission byoperating the computer. Particularly the ICP adds an interface module inthe login web page and accesses the user-login-identification means viathe interface module. The ICP also provides an administration/drivemodule monitoring access of the user-login-identification means to setup a connection and hang up the connection for theuser-login-identification means in the login web page; theuser-login-identification means is provided with an ID number, and theuser's login identification information is stored in theuser-login-identification means.

Particularly, the user-login-identification means can be an external andportable memory means with a standard data interface, or a card-readermeans or an ID identifying means thereof, for example, a USB storagedevice, a CF card, a MMC card, a SD card, a SMC card, an IBM Micro Drivecard, a flash storage module or an IC card, or the corresponding cardreader therein.

Moreover, the user-login-identification means can be a computerperipheral, such as a keyboard, a mouse, a handwriting board, soundboxes, a portable PDA, a music player, or an electrical dictionary.

Wherein the user-login-identification means can have a uniqueidentification number, or a plurality of identification numbers for theuse of various people by partitioned control.

The method and system according to present invention provide a universalnetwork ID, which can be identified uniquely. By utilizing thelogin-identification means, any user can automatically log in all theauthorized ICPs or the ICPs with the right to access thelogin-identification means.

The login verification serving party such as CA can proceed onlineauthorization and authentication with the ICP and theuser-login-identification means; authentication between the ICP and theuser-login-identification means can be self accomplished offline—withoutthe login verification serving party participating in, and according tothe information stored in the user-login-identification means.

Wherein, the procedure of the authentication and login between the ICPand the user-login-identification means will be described in combinationwith the FIG. 2, 3. It comprises at least an Internet Content Provider(ICP) and a user-login-identification means which can access an onlineterminal; wherein the ICP adds an interface module in a login web page,and accesses the user-login-identification means via the interfacemodule. The ICP also provides an administration/drive module monitoringaccess of the user-login-identification means to set up a connection andhang up the connection for the user-login-identification means in thelogin web page; the user-login-identification means has a unique IDnumber, and is utilized in storing the user's login identificationinformation. The administration/drive module can lead in and/or lead outdata stored in the user-login-identification means so as to backup thedata. The administration/drive module can also automatically log in thenetwork after the ICP has accessed the user-login-identification meansvia the interface module and verified the identification information.

The steps are as follows:

1. Inserting the user-login-identification means and downloading theadministration/drive module;

2. Entering the PIN code, activating the user-login-identification meansand logging in the web page requiring to enter the login information;the ICP access authentication information is stored in theuser-login-identification means to verify whether the accessing ICP hasbeen authorized to access it. The authentication file includes the ICPidentification information and/or the specific area guide information ofthe user-login-identification means and/or data processing guideinformation and/or time information. The registration table of the ICPidentification information is stored in the user-login-identificationmeans, to guide different ICPs only accessing the corresponding areas orcontents in the means. Different ICPs store or read the respectivelogin-identification information in the corresponding areas of theuser-login-identification means.

3. The ICP accesses the user-login-identification means and proceedsauthentication; if the verification is valid, the access is permitted;otherwise, the access is not permitted. Wherein the accessing compriseschecking the user ID identification information stored in theuser-login-identification means or generating the user ID identificationinformation in the user-login-identification means. Particularly, theICP authentication comprises obtaining the authentication file via theinterface module, transmitting the file to the administration/drivemodule, decrypting the authentication file by the administration/drivemodule, and accessing the user-login-identification means.

4. The ICP reads the information stored in the user-login-identificationmeans, and if the login identification information is obtained, theinterface module returns the login identification information to the ICPweb page and determines whether a login-submit or an automatic submit &login should be performed according to the user's setup; if the loginidentification information is not available, the interface moduleinforms the web page that login identification information is notavailable, and stores the generated login identification information inthe user-login-identification means. Storing the login identificationinformation includes the user logging in the ICP website for the firsttime, or the user selecting to manually enter the login information oncemore, or the first time use of the user-login-identification means, andthe ICP stores the login identification information in theuser-login-identification means via the interface module.

If the ICP web page is provided with a registration information window,the ICP invokes the parameters of the interface module and saves severalsets of registration information of the same web page or the last set ofregistration information in the user-login-identification means, whichcan be displayed in the ICP web page. In particular:

The ICP web page is provided with a registration information window. TheICP accesses the user-login-identification means via the interfacemodule, and verifies the login identification information provided bythe ICP web page, and stores the new login identification informationdata in the user-login-identification means to overwrite the originallogin identification information, and then transfers the relatinginformation to the ICP web page. The information is displayed in the webpage after being obtained.

The ICP web page is provided with a plurality of window links of theregistration information. The ICP reads the user-login-identificationinformation stored in the user-login-identification means, and verifiesthe login identification information provided by the ICP web page,stores the login identification information in theuser-login-identification means in the case of negative verification, ordirectly reads and transfers the relating information to the ICP webpage in the case of positive verification. The information is displayedin the web page after being obtained.

Another embodiment of the invention provides a method and a system forauthorizing and authenticating online among the login verificationserving party, the ICP and the user-login-identification means to log inthe network. The method comprises the following steps:

According to the invention, the administration/drive module is added bythe ICP according to the authorization of the login verification servingparty. The authorized ICP stores and reads out the user logininformation via the interface of the interface module (e.g. OCX).According to this solution, the ICP only need to make simplemodifications to the web page. The user uses a user-login-identificationmeans with an encryption storage space of over 1M Bytes to store theuser's login information. The data stored in the encryption storagespace can be accessed by API. The user can activate theuser-login-identification means of the administration/drive module byusing the PIN code.

The login verification serving party provides an encryptedauthentication file for each ICP to authorize and authenticate theauthorization. Because different ICPs have different authenticationfiles, each ICP could only access its own data and has no right toaccess the data of other ICP; an OCX is provided, and the ICP adds theOCX in its own web page so as to store and read out the relatinginformation in the corresponding area of the user-login-identificationmeans by invoking the Interface of the OCX. The OCX is also responsiblefor transmitting the ICP authentication files to the server of the loginverification serving party for verification.

The server terminal of the login verification serving party is used forverifying the ID of each ICP.

The user-login-identification means of the administration/drive moduleis based on the USB interface, and is provided with an encryptionstorage space of over 1M (which can be accessed via the API). There aretwo methods which can perform encryption. Simple encryption: protectingan encryption area by using only the user PIN code, and if the code iscorrect, the data stored in the encryption storage space can beaccessed; PKI encryption: including RSA 512 PKI key management, datastream encryption, and multi-key authorization management.

Wherein the administration/drive module is realized as follows:

After the administration/drive module is installed, a corresponding TrayIcon will be added on the user's desktop; and the user can activate orclose the administration/drive module. The user has to enter thepassword to activate the administration/drive module; theadministration/drive module monitors the port of theuser-login-identification means, when the user inserts theuser-login-identification means of the administration/drive module, theuser is asked to enter the password to activate theuser-login-identification means of the administration/drive module. Ifthe user cancels the operation or the entered password is not correct,the user-login-identification means of the administration/drive modulewill not be activated (in an inactive state). When the user pulls outthe user-login-identification means of the administration/drive module,the user-login-identification means of the administration/drive modulewill be closed; an function of modifying the PIN code is provided forthe user as wel as the function for setting up the submit mode contentinput and record mode of the administration/drive module by the user,and the function for leading in and leading out the information storedin the user-login-identification means of the administration/drivemodule in the case of simple encryption.

The encrypted authentication file comprising the authorizationinformation is provided to the ICP by the login verification servingparty.

The interface module can provide to the ICP an interface for reading outor writing to the user-login-identification means of theadministration/drive module; transmit the authentication file of the ICPto the login verification serving party for verification; and readfrom/write to the administration/drive module via API.

The server terminal verifies the ID of the ICP, and informs the resultto the OCX.

The invention comprises the following steps:

1. The login verification serving party distributes the authenticationfile to the ICP for verifying the ICP ID.

2. The login verification serving party provides to the ICP a standardcode sample which accesses the user-login-identification means of theadministration/drive module via the Interface of the OCX. The ICP addsthe storage and read code of the required data in the web page accordingto the code sample, and adds the link of OCX in the web page.

3. The user-login-identification means is provided with an original PINcode.

4. The user accesses the ICP website and automatically downloads thesoftware of the user's administration/drive module and the OCX (whichcan also be downloaded from the website of the login verificationserving party). The user is asked whether the software of theadministration/drive module should be installed, and if yes, theinstallation is performed. A corresponding Tray Icon will be added onthe user's desktop after the installation.

5. The user can activate the administration/drive module, close theadministration/drive module, modify the PIN code, and lead in/out theinformation stored in the administration/drive module by using theadministration/drive module software in the case that theuser-login-identification means of the administration/drive module isconnected.

6. The user accesses the ICP website, and the ICP reads theuser-login-identification means of the administration/drive module viathe Interface of the OCX. If the administration/drive module is in theactive state, the OCX will transmit the ICP authentication file to theserver terminal of the login verification serving party forverification. If the ICP is authorized, the server terminal will informthe OCX that the access to the user-login-identification means ispermitted.

7. If required information is read out, the OCX will return the contentto the ICP web page code and determine whether an automatic submit andlogin should be performed according to the user's setup. If the requiredinformation is not read out (user has not logged in), the OCX willinform the ICP web page code that required information is not read out.

8. The ICP stores data in the user's user-login-identification means ofthe administration/drive module via the interface of the OCX when theuser logs in the ICP website by using a set of registration informationfor the first time or selects to log in once more(user manually entersthe registration information). If the administration/drive module is inthe active state, the OCX will transmit the ICP authentication file tothe server terminal of the login verification serving party forverification. If the ICP is authorized, the server terminal will informthe OCX that the access to the user-login-identification means ispermitted. The OCX will store the data in the user-login-identificationmeans of the administration/drive module.

If a user has several sets of registration information in the sameregistration web page, to save these registration informationsimultaneously or only to save the last set is determined by theinterface parameters added in the web page by the ICP invoking the OCX.

Particular Embodiments

User: Mr. Wang; ICP: sina, 263; Mr. Wang's personal information is thathe has two usernames in the sina, wherein the username 1 is dingding andthe password is ding2002, and the username 2 is joy and the password is991817; and he has two e-mail addresses in the 263, wherein the e-mailaddress 1 is xiaowang@263.net and the password is 991817, the e-mailaddress 2 is xiaowang111@263.net and the password is 991817. Theuser-login-identification means of the administration/drive module hasan initial password of 12345678.

The login verification serving party distributes the authenticationfiles to the sina and the 263(the two authentication files aredifferent). At the same time the login verification serving partyprovides to the sina and the 263 the standard code sample which accessesthe user-login-identification means of the administration/drive modulevia the Interface of the OCX.

The sina provides the automatic downloads (linking to the website of thelogin verification serving party) of the OCX and the user'sadministration/drive module software in its own website. The sina addsthe relating code in the member login web page of its own website, andwhen the user opens the web page, the sina will read the information inthe user-login-identification means of the administration/drive modulevia the OCX. When the user logs in manually, the sina stores theinformation (including form number and user's information) in theuser-login-identification means of the administration/drive module viathe OCX. The sina has set that the old information will be overlapped bythe new information in the case that there is the information with thesame form number and there is not multi-registration information linkwindow.

The 263 provides the automatic downloads (linking to the website of thelogin verification serving party) of the OCX and the user'sadministration/drive module software in its own website. The 263 addsthe relating code in the member login web page of its own website, andwhen the user opens the web page, the 263 will read the information inthe user-login-identification means of the administration/drive modulevia the OCX. When the user logs in manually, the 263 stores theinformation (including form number and user's information) in theuser-login-identification means of the administration/drive module viathe OCX. Since there is multi-registration information link window inthe 263, the 263 sets that the new information will be stored as a newone in the case that there is the information with the same form numberin the 263.

Mr. Wang accesses www.sina.com.cn, and downloads theadministration/drive module software and the OCX automatically. When thedownload completes, a dialogue window of “whether theadministration/drive module software should be installed” is displayed.Mr. Wang selects yes and installs the administration/drive modulesoftware. When the installation completes, a Tray Icon named “theadministration/drive module software” is added on the desktop. Mr. Wanginserts the user-login-identification means of the administration/drivemodule, and the administration/drive module software prompts “enter thepassword:”, then Mr. Wang enters “12345678” and selects yes, so thatadministration/drive module is activated. The Tray Icon is shown as inthe active state. Mr. Wang clicks the Tray Icon of “theadministration/drive module”, and selects “modify the password”, andthen enters the password of 12345678; and enters the new password ofwang1817; and confirms the new password of wang1817. After theconfirmation, the password is modified into wang1817, and the Tray Iconis still shown as in the active state.

Mr. Wang selects user-login on the sina home page. The relating codeadded in the member login web page by the sina tries to read Mr. Wang'suser-login-identification means of the administration/drive module viathe interface of the OCX (which introduces the parameters such as formnumber). The OCX accesses the user-login-identification means of theadministration/drive module, and confirms that it is in the activestate. The OCX obtains the sina's authentication file and transmits itto the administration/drive module. The administration/drive modulelooks up the relating information in Mr. Wang'suser-login-identification means of the administration/drive moduleaccording to the authentication file and the form number, and if norequired information is found, the OCX will informs the sina that thepage code does not obtain the required information. Mr. Wang enters thelogin information in which the username is dingding and the password isding2002, and then logs in. The relating code added in the member loginweb page by the sina tries to store the data in Mr. Wang'suser-login-identification means of the administration/drive module viathe interface of the OCX (which introduces the parameters such as formnumber, user information, etc.). The OCX accesses theuser-login-identification means of the administration/drive module andconfirms that it is in the active state. The OCX obtains theauthentication file of the sina and transmits the file to theadministration/drive module. The administration/drive module looks upthe relating information in Mr. Wang's user-login-identification meansof the administration/drive module according to the authentication fileand the form number, and the OCX stores the data in Mr. Wang'suser-login-identification means of the administration/drive module inthe case that no identical form number is found. Mr. Wang closes thesina and enters the home page of the sina again, and it is detected thatthe administration/drive module software and the OCX have already beendownloaded, and the automatic download of the administration/drivemodule software and the OCX is not needed. Mr. Wang selects theuser-login. The relating code added in the member login web page by thesina tries to read Mr. Wang's user-login-identification means of theadministration/drive module via the interface of the OCX (whichintroduces the parameters such as form number, etc.). The OCX accessesthe user-login-identification means of the administration/drive moduleand confirms that it is in the active state. The OCX obtains theauthentication file of the sina and transmits the file to theadministration/drive module. The administration/drive module looks upthe relating information in Mr. Wang's user-login-identification meansof the administration/drive module according to the authentication fileand the form number, and the OCX transmits the information to the sinaweb page code in the case that the required information is found. Thesina web page code obtains the information and then automatically logsin by using the username of dingding and the password of ding2002. Mr.Wang selects to log in once more and enters the login information inwhich the username is joy and the password is 991817, and then logs in.The relating code added in the member login web page by the sina triesto store the data in Mr. Wang's user-login-identification means of theadministration/drive module via the interface of the OCX (whichintroduces the parameters such as form number, user information, etc.).The OCX accesses the user-login-identification means of theadministration/drive module and confirms that it is in the active state.The OCX obtains the authentication file of the sina and transmits thefile to the administration/drive module. The administration/drive modulelooks up the relating information in Mr. Wang'suser-login-identification means of the administration/drive moduleaccording to the authentication file and the form number, and the OCXstores the new data in Mr. Wang's user-login-identification means of theadministration/drive module to overlap the old data in the case that thesame form number is found. Mr. Wang clicks the Tray Icon of the“administration/drive module” and selects “close theadministration/drive module”, and then the Tray Icon is shown as in theinactive state.

Mr. Wang accesses www.263.net. It is detected that theadministration/drive module software and the OCX have already beendownloaded, and the automatic download of the administration/drivemodule software and the OCX is not needed. The mail-login relating codeadded in the home page by the 263 tries to read Mr. Wang'suser-login-identification means of the administration/drive module viathe interface of the OCX (which introduces the parameters such as formnumber). The OCX accesses the user-login-identification means of theadministration/drive module and finds that it is in the inactive state.The OCX informs the 263 that the page code does not obtain the requiredinformation. Mr. Wang clicks the Tray Icon of the “administration/drivemodule” and selects the “activate the administration/drive module”, andthen the Tray Icon is shown as in the active state. Mr. Wang enters themail-login information, in which the username is xiaowang@263.net andthe password is 991817, and then logs in. The mail-login related codeadded in the home page by the 263 tries to store the data in Mr. Wang'suser-login-identification means of the administration/drive module viathe interface of the OCX (which introduces the parameters such as formnumber, user information, etc.). The OCX accesses theuser-login-identification means of the administration/drive module andfinds that it is in the active state. The OCX obtains the authenticationfile of the 263 and transmits the file to the administration/drivemodule. The administration/drive module looks up the relatinginformation in Mr. Wang's user-login-identification means of theadministration/drive module according to the authentication file and theform number, and the OCX stores the data in Mr. Wang'suser-login-identification means of the administration/drive module inthe case that no identical form number is found. Mr. Wang selects to login once more and enters the login information in which the username isxiaowang111@263.net and the password is 991817, and then logs in. Themail-login relating code added in the home page by the 263 tries tostore the data in Mr. Wang's user-login-identification means of theadministration/drive module via the interface of the OCX (whichintroduces the parameters such as form number, user information, etc.).The OCX accesses the user-login-identification means of theadministration/drive module and confirms that it is in the active state.The OCX obtains the authentication file of the 263 and transmits thefile to the administration/drive module. The administration/drive modulelooks up the relating information in Mr. Wang'suser-login-identification means of the administration/drive moduleaccording to the authentication file and the form number, and the OCXstores the new data in Mr. Wang's user-login-identification means of theadministration/drive module without changing the old data in the casethat the same form number is found. Mr. Wang closes the 263 and entersthe home page of the 263 again, and it is detected that theadministration/drive module software and the OCX have already beendownloaded, and the automatic download of the administration/drivemodule software and the OCX is not needed. Mr. Wang selects theuser-login. The mail-login relating code added in the home page by the263 tries to read Mr. Wang's user-login-identification means of theadministration/drive module via the interface of the OCX (whichintroduces the parameters such as form number, etc.). The OCX accessesthe user-login-identification means of the administration/drive moduleand confirms that it is in the active state. The OCX obtains theauthentication file of the 263 and transmits the file to theadministration/drive module. The administration/drive module looks upthe relating information in Mr. Wang's user-login-identification meansof the administration/drive module according to the authentication fileand the form number, and the OCX transmits the information to the 263web page code in the case that two pieces of required information arefound. The 263 web page code obtains the information, and then displaystwo usernames of xiaowang@263.net and xiaowang111@263.net in thepulldown box of the username item. Mr. Wang clicks xiaowang@263.net andautomatically logs in by using the username of xiaowang@263.net and thepassword of 991817. Mr. Wang pulls out the user-login-identificationmeans of the administration/drive module, and the administration/drivemodule software closes the administration/drive module. The Tray Icon isshown as in the inactive state.

The authentication file is an encryption file. The authentication filecan include the primary information such as valid time, valid datasegment, etc. wherein the valid time defines the period of validity ofthe authentication file. If the authentication file exceeds the validdate, it is invalid, and then the login verification serving party hasto distribute the authentication file to the ICP again. The valid datasegment defines the valid data segment which can be accessed by the ICPin the user-login-identification means. The authentication file istransmitted to the administration/drive module by the OCX and decryptedby the administration/drive module. The procedure can also be performedby the following method:

The login verification serving party distributes the authentication fileto the ICP, and the OCX transmits the authentication file to the loginverification serving party in the case that the ICP tries to access theuser-login-identification means, and then the login verification servingparty transmits the verification result back to the OCX. In this case,the authentication file distributed to the ICP can only comprise simpleindex and verification information, but the login verification servingparty has to maintain a whole database of authentication files in orderto provide more renewal information.

It is to be understood that the preferred embodiments intend only toexplain but not to limit the present invention. Although the presentinvention has been described in detail by referring to theabove-mentioned embodiments, it should be appreciated that anymodifications or equivalents of the invention are not departing from theprinciple of the present invention.

1. A method for centralizing administration of user registrationinformation across networks, characterized by: including at least anInternet Content Provider (ICP) and a user-login-identification meanswhich can access an online terminal; wherein the ICP adds an interfacemodule in a login web page and accesses the user-login-identificationmeans via the interface module, and the ICP also provides anadministration/drive module monitoring access of theuser-login-identification means to set up a connection and hang up theconnection for the user-login-identification means in the login webpage; the user-login-identification means is provided with an ID number,and user's login identification information is stored in theuser-login-identification means; ICP access authentication informationis stored in the user-login-identification means to verify whether theaccessing ICP is authorized to access; if the accessing ICP passed theverification, its access is permitted, otherwise the access is notpermitted; wherein the ICP is permitted to access theuser-login-identification means only if it is authenticated, when theuser-login-identification means is activated; authenticating comprises,obtaining an authentication file via the interface module, transmittingthe authentication file to the administration/drive module, decryptingthe authentication file by the administration/drive module, andaccessing the user-login-identification means.
 2. The method of claim 1,wherein the administration/drive module can also lead in and/or lead outdata stored in the user-login-identification means so as to backup thedata; the administration/drive module can also automatically log in, inthe case that the ICP accesses the user-login-identification means viathe interface module and verifies the identification information.
 3. Themethod of claim 1, wherein the ICP accessing theuser-login-identification means includes checking the user IDidentification information stored in the user-login-identificationmeans, or generating the user ID identification information in theuser-login-identification means.
 4. The method of claim 3, wherein theICP reads the information stored in the user-login-identification means,and if login identification information is obtained, the interfacemodule returns the login identification information to the ICP web pageand determines whether a login-submit or an automatic submit & loginshould be performed according to user's setup; if the loginidentification information is not obtained, the interface module informsthe web page that the login identification information is not availableand stores the generated login identification information in theuser-login-identification means.
 5. The method of claim 4, wherein anICP web page is provided with a registration information window; the ICPinvokes parameters of the interface module and simultaneously savesseveral sets of registration information of a same web page or saves thelast set of registration information in the user-login-identificationmeans, and the registration information can also be displayed on the ICPweb page.
 6. The method of claim 5, wherein the an ICP web page isprovided with a registration information window; the ICP accesses theuser-login-identification means via the interface module and verifiesthe login identification information provided by the ICP web page, andstores new login identification information in theuser-login-identification means to overwrite original loginidentification information, and transfers relating information to theICP web page; the information is displayed on the web page after beingobtained.
 7. The method of claim 5, wherein the ICP web page is providedwith a plurality of window links of the registration information; theICP reads the user-login-identification information stored in theuser-login-identification means and verifies the login identificationinformation provided by the ICP web page; if verification appearsnegative, the login identification information is stored in theuser-login-identification means, and if positive, the loginidentification information is directly read out and the relatinginformation is transferred to the ICP web page; the information isdisplayed on the web page after being obtained.
 8. The method of claim1, further includes a login verification serving party for implementingprior authentication to the ICP and obtaining guide information of theuser-login-identification means.
 9. The method of claim 1, wherein theICP is connected with a login verification serving party which transmitsa code for accessing the user-login-identification means to the ICP, andthe ICP adds the login identification information in the login web pageaccording to the code, and the interface module transmits the ICPinformation to the login verification serving party for verification; ifthe ICP information passed the verification, the ICP is permitted toaccess the user-login-identification means, wherein the user activatesthe user-login-identification means by using a password, and then theICP accesses the login verification serving party for an authenticationvia the interface module; if the authentication is valid, the ICP canoperate the user-login-identification means via the interface module andthe actuating password used by the user is provided by the loginverification serving party or preset in the means; the encryption filesof the ICPs transmitted by the login verification serving party aredifferent from each other.
 10. A system for realizing the method forcentralizing administration of user registration information acrossnetworks, characterized by, comprising a computer, Internet networks, anICP and a user-login-identification means, wherein the computer can login the Internet networks to communicate with different ICPs; theuser-login-identification means is capable of accessing the computerfrom outside and has at least an identification number and encryptionstorage space; the user-login-identification means performs theinformation transmission by operating the computer.
 11. The system ofclaim 10, wherein the ICP is connected with a login verification servingparty which transmits a code for accessing the user-login-identificationmeans to the ICP, and the ICP adds the login identification informationin the login web page according to the code, and the interface moduletransmits the ICP information to the login verification serving partyfor verification; if the verification is valid, the ICP is permitted toaccess the user-login-identification means, and the login verificationserving party is a server.
 12. The system of claim 10, whereininformation transmission between the computer and theuser-login-identification means should be processed with encryption ordecryption; the encryption includes protecting an encryption area byusing the user's PIN code or utilizing RSA 512PKI key managementencryption method.
 13. The system of claim 12, wherein theuser-login-identification means is also provided with a storage regionfor storing the information of the ICP itself.
 14. The system of claim13, wherein the user-login-identification means is an external andportable memory means with a standard data interface, or a card-readermeans or an ID identifying means therof.
 15. The system of claim 14,wherein the user-login-identification means can be a USB storage device,a CF card, a MMC card, a SD card, a SMC card, an IBM Micro Drive card, aflash storage module or and IC card.
 16. The system of claim 14, whereinthe portable memory card-reader means can be a CF card processor, a MMCcard processor, a SD card processor, a SMC card processor, an IBM MicroDrive card processor or an IC card processor.
 17. The system of claim13, wherein the user-login-identification means is a computerperipheral, such as a keyboard, a mouse, a handwriting board or soundboxes.
 18. The system of claim 13, wherein the user-login-identificationmeans is a portable PDA, a music player or an electrical dictionary.